General

  • Target

    modest-menu.exe

  • Size

    1012KB

  • Sample

    240710-vjprjsygpn

  • MD5

    eb02a51e3f0949663984ec3acf771d0d

  • SHA1

    06bb936fa0aadd1ec9824b4cd4462e48da12f830

  • SHA256

    9a36d26b871a2de4d30f8c70c27afadf739093eb00bdb54e43d1be0dd311514b

  • SHA512

    7d2415e41a55747bd860d7186348dd38aeb05e96c7227bde05046661101a4c829dedb86a37dbc86815bc1122d4270e432bc6d95deff751c92cb05532db1da342

  • SSDEEP

    24576:s4L2InzbTDtjGBuzvyhzoxEfDgMG4NPSpjWz9KMCel:SIzP5jWAvQM/8SpKBKzel

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://answerrsdo.shop/api

https://bouncedgowp.shop/api

https://bannngwko.shop/api

https://bargainnykwo.shop/api

https://affecthorsedpo.shop/api

https://radiationnopp.shop/api

https://publicitttyps.shop/api

https://benchillppwo.shop/api

https://reinforcedirectorywd.shop/api

Targets

    • Target

      modest-menu.exe

    • Size

      1012KB

    • MD5

      eb02a51e3f0949663984ec3acf771d0d

    • SHA1

      06bb936fa0aadd1ec9824b4cd4462e48da12f830

    • SHA256

      9a36d26b871a2de4d30f8c70c27afadf739093eb00bdb54e43d1be0dd311514b

    • SHA512

      7d2415e41a55747bd860d7186348dd38aeb05e96c7227bde05046661101a4c829dedb86a37dbc86815bc1122d4270e432bc6d95deff751c92cb05532db1da342

    • SSDEEP

      24576:s4L2InzbTDtjGBuzvyhzoxEfDgMG4NPSpjWz9KMCel:SIzP5jWAvQM/8SpKBKzel

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      $TEMP/Advantage

    • Size

      55KB

    • MD5

      f3583eb1e2b24f22b18f952ad2523c49

    • SHA1

      760c4d12bf291c1415415f588d9ec2304fb80568

    • SHA256

      808b624226e9d768b3a41ea917bfb099a069d71697ed51d347eedb173d3db6d7

    • SHA512

      ef3b7dc30d939a5e5c04a60f454c76527d13009d5df669d926912bb521b81740a9a71eceb14b619d615b371583e87d93617400dad79bdc6a0ae14cf6b82a39f9

    • SSDEEP

      768:A8+sDkXLAlMoLVNIo8DJWxWWbP75qcaTlKWzhQVNsbSSkLQ7PqYIueIVvaOsibzA:M7bAlHL/4aj5Vf7gqYrui3A

    Score
    1/10
    • Target

      $TEMP/Arrangements

    • Size

      125KB

    • MD5

      2fed43e71c00e8ba4e4812ede092a3ad

    • SHA1

      91406ad8199c99047f0ff81886f16d3f96f82543

    • SHA256

      f86f0c7901d3768d0240cac5fadb24ec3a70c478a8e241848d37003046bab22a

    • SHA512

      e198076dd8f1b4c96997892c0b7afe9db23e72d9e376dd552159052e5d6bb3fbc7becf5c997a514652cf1a4b6d7737f197f2ac3227492aa7c436e9997dd04c2d

    • SSDEEP

      3072:mWN7SGgqOjOTDPNGBcmzoRQNur62OtIluMj:bRSGgqBDIBceur6ltIAMj

    Score
    1/10
    • Target

      $TEMP/Auto

    • Size

      19KB

    • MD5

      3be4b5a402fea1d46b93cc10075bddd2

    • SHA1

      9dad39e5e5f7309cb68d39bd9f14b18101b15d88

    • SHA256

      6e8f655876670322b0acf1a1b2868de0636908fcfd8823c02d738d13519a1d12

    • SHA512

      d8b437b9f7a383034efd0fccee841f4ac2291ca0df2016143d1786d09943c12e5bf63a8c735f88a7ed52baed4d40be90013021f635e9ac93c8d996a93b2c5d51

    • SSDEEP

      384:86XtasmC84Ll9iRrNXxdB1gv4PSTNVvmQXPMYSckSllpFC/0vB9Kr6dVo9x:LXtiC84Ll9iRfdB1gpjXgckS9cAXKOde

    Score
    1/10
    • Target

      $TEMP/Believe

    • Size

      39KB

    • MD5

      02ead0c9858044ac35199230cb3ab139

    • SHA1

      2ff088e0f73dcf1e1e4d4e1b4acc6b63febb909a

    • SHA256

      d185919875ba821f92e14e46344ae96e343cf41f19d8f46a23589ab78538c8ea

    • SHA512

      eb3008b7019ee3cc66a51abb469dc752aaebc684894b4db975131eb9d793c96c1f841c2d56d6366d1f3e28897c03aeb337838169df96ff37fe91dcc2da4f741f

    • SSDEEP

      768:V1xEte07EWGnikscax2OCkQuG4ypQ9Fsqib9futLZzWaIxyKw7nB:V1uYtWGJG2kQyyy9FskzWaIxOd

    Score
    6/10
    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Target

      $TEMP/Concord

    • Size

      37KB

    • MD5

      9e54cd35059c72e43735836dda986f5d

    • SHA1

      617554bb3ff29716b67caf1284d819866b82af86

    • SHA256

      cb8165bc704dbbd8532b8fc8e39d8902e421640229134853316dddd27304440f

    • SHA512

      0f6cd020025c437e6692e350c5645446a528a17f60f1376cc5943d594fe34a16dc3b06e11528c57aae8d89f49168e0a26f0f263c693e52d4b82fc3048dda6ce5

    • SSDEEP

      768:iYTrIx+I0IKQ8SbkXhdqgWWwr2G+jvEHHzR3Sh0:lHIx10IKQ8SoXTqgWVrZ+Int3S2

    Score
    1/10
    • Target

      $TEMP/Date

    • Size

      23KB

    • MD5

      691d085c47ae40840542b9d4796ec6de

    • SHA1

      edef6c2afdfd011a8a856d046f9c2b56c14f24d5

    • SHA256

      a4deefffa64a55b9ea4aaec7193f08adcaf634de875b725d63923cb8afdc8533

    • SHA512

      55c9618d4cf477f84f165852e70c0d7a37f635345a826c456f912221d394cf6b4bf42e40f8c492272dbf1dd48d6977b239af6dde02539856877d481704f16188

    • SSDEEP

      384:m7f6zNGB0toYwquY2nLAyH9JRWwPC4HwS9dDY9Qz7IMJy92HbAYjL52ykPAOzUoZ:O6zNGB0toYyncyH9JRpHbDYA22HbbjNY

    Score
    1/10
    • Target

      $TEMP/Dynamics

    • Size

      18KB

    • MD5

      a55fe7301a8331c3e202bbb350837c51

    • SHA1

      a55c84023ff48af7ffdc229db28f45334d5f36a5

    • SHA256

      bc8c60c912824deba76b5815c73272bf15b5a1a625a65a31015a03fb2b921f7d

    • SHA512

      5d34b2b029e2d22ffdc90f56d561823e3eeeecb910b5742add387b78a438797c005177ce04718ec7c46d3558d56e8bf5a7129f995aa1d8eef94f300632b0f312

    • SSDEEP

      384:5NQ6tDlK5amvTsCVjBkgMpRje6TtgguvVtLo/r/H:5iwDIUKo+jBAfe6TtgguvC

    Score
    1/10
    • Target

      $TEMP/Eco

    • Size

      92KB

    • MD5

      d52d093c2ad11a7fa8caa82118312324

    • SHA1

      ead4b9d075e88e48a1de94b69b19e113476be660

    • SHA256

      073569dd893fae4c511183289f63a86364d404eb9203f9f0520c604590808c06

    • SHA512

      b311bb24344dd9829139c6784595c898e9abef230a3b965d0127e84c7c4d25e880df3e1cc6030c406da84a5ea2e806ffe6cbfb6f75563a4ea077c2fa4c5f207e

    • SSDEEP

      1536:4IL8TRtqM0kwYW/H+XMBZS/fgoWfsoeysHpbMFBTtnIv1oYs2ioWZFNX5uUuIwP7:4IURt90kw5WCS/ooWfstFBM/TtI9o32v

    Score
    1/10
    • Target

      $TEMP/Enabling

    • Size

      26KB

    • MD5

      b8eeb773052aa634fcda25c6a74633de

    • SHA1

      576f435cadcd3ae2d366a32e562e7a64ec0e7d8b

    • SHA256

      98687cff8ff2bf7de91bf8ba6d59906590e95451b6d178e61020bb1320217924

    • SHA512

      32de3b2412540841f021d214dc6c2106dcb71b4c876625423cecd6d7f522ebb42b4c570364385c5dcacfffdce6c45536e131bfcf1119e459219e5413a99f871d

    • SSDEEP

      192:mtlernjuPzQ0nMi4BA48PQh+NEpCarucTE6QZSSYA13KcqIb/rvOz:FDj21naB3pMygarucTQ0Snh3HvOz

    Score
    1/10
    • Target

      $TEMP/F

    • Size

      38KB

    • MD5

      14816518caf15aaa457c24cdba7533b4

    • SHA1

      bff3122a80f5d9c60b9d8b6dbc12e8177abd3418

    • SHA256

      7f6b87bec48a8bc8723104f0e7e49a615a57aae92b17c408b89b402530b0b231

    • SHA512

      4b8480052ac524085f8d0e75c7b4b6071b36772df14519ee7e1b77562913472c926cdd34845754665609506972ff25401eeb9d1b905ad9ec9fb1965c1cef894c

    • SSDEEP

      768:kiReINDpWPIDJ0vLyktlgwYtfKUGabl8UvrcyzJs/:kinN8PsJitgXKUvl8UTcyzJA

    Score
    1/10
    • Target

      $TEMP/Fax

    • Size

      91KB

    • MD5

      10c3f393a193fc3a75571e32bc9a7af4

    • SHA1

      1df5d1158c697b1f519cfac40b9c0279c82b5605

    • SHA256

      5d26906575ef47159261b4272255a707ed22a48a85a93a1a139d2b485af66e67

    • SHA512

      490b8b5cd6a43de1627af4e6cd02032315cf8123c3d6f43f2c188e7e0bfc3bb3caeeb016e08ab9e21ef592e9d8150a0e0140d2159e556c5f13f53e658f4c0afb

    • SSDEEP

      1536:AUSIcx7ftsr/M/FSLJwECNWftnyxzbOvoL19VkJaTucxWCyN+trGrFftxclNm2Uq:zSlx7ajaSLatNStL6N03/x+rGrFtOjZx

    Score
    1/10
    • Target

      $TEMP/Flow

    • Size

      67KB

    • MD5

      4d208ce6b834f65cfbd5003a33eb0885

    • SHA1

      1aaa9d411b90df88b7606784485897985ddbb25c

    • SHA256

      c3479095c5afe1d7c66a07f386d2c498f8b7faacad022dd24d8b6c15cf0af0a4

    • SHA512

      e1a31eae919358ba1fbbfe6a0af7b5fc9bff2e81ed38d02747a81e120fb16a85318f3dee15f6c5152a3e43d8745daeb5d260e590909c262017ef472269dc2acd

    • SSDEEP

      1536:60Hikj06LDykFIcizp97bA3EKNcpzjIqIinTglynkQ3+EX0eoP:60V06pijcE9pzjIqnnTJkQ3+1

    Score
    1/10
    • Target

      $TEMP/Inappropriate

    • Size

      51KB

    • MD5

      7e83454195c83b0961b1741fa29369b5

    • SHA1

      3d85e2d801065a81dfcca89c6a1b10dd84e83de1

    • SHA256

      4e1750b70791ca81d57049a3cedc97cc7a843c5de5f5d9ed156dbdd516e45675

    • SHA512

      8cf03c11d946ce298dfe76901387a6a43da09c01f97d9895c708ff3cfd241bd274094b41be3dcc2bf56aefa3b22446ec3b9f06a169fc9b553a58bc6259e56d8e

    • SSDEEP

      1536:bCJ5h3FsoejQ1/9klkp5VLGEDuaiC7v8xV96A6:of3qoT1/Qkp5IKuLuv8xVT6

    Score
    1/10
    • Target

      $TEMP/Lobby

    • Size

      32KB

    • MD5

      9cc46881959800f39ad3fa31fddc5e9b

    • SHA1

      99af6c1a963382061014ae0c8e0057e75227c19b

    • SHA256

      3e4f9cf22f35fb57cc0d98ed3f396c72bebfe64c645c670ff74d96ae5b4ba6e0

    • SHA512

      96084f42f0d35211516c92ffea4f1095412e25e672fa2218d767186e77519dd1965bb21ddb3b06823a3c1578ac84e3df7a53094e49a498591bfea8875d8e4db4

    • SSDEEP

      768:Qb3jsJhQlEF2VVay1N5J3SoO6Qku2ox3hOk3Hsu1iz0:QbgjQWq8GV3jOTJh1Xl20

    Score
    1/10
    • Target

      $TEMP/Maple

    • Size

      144KB

    • MD5

      d99951681ca785e10c3dcf0eda9289a2

    • SHA1

      3014fa710fbf5b0c0f11f744a5767958fa09d379

    • SHA256

      02016b08121445b1138c60d0cb7b4624dc5ffad5986349c00fc28963b4a1c29a

    • SHA512

      eac57095aa4f8cccf076d39735a2e4a0d695fcc3ea344d941809b0080f6df1c01cc7f36eb2070de91460a176e5aeb194009fdb08a773572221c47087d80be9ac

    • SSDEEP

      3072:49AUStK7MXevssqxN62PVU1EkmX9RKonCWspNXS8+fKjY/Jglz+vgCltL1FR05xn:oAUStK7MXaCxN6mU2kTo2pNXSv2Y/Jvy

    Score
    1/10

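To make the extracted configuration and the file hashes above actionable, the following added example (not part of the sandbox report and not any vendor's tooling) turns them into two checks: a sweep of proxy log lines for contact with the C2 hosts, and a multi-hash lookup of a file against the report's SHA256 values. The C2 URLs and SHA256 values are copied from the report; the proxy log format, the log lines and the file bytes are constructed here for illustration only. It matches on hostname rather than on the full URL, because the `/api` path travels inside TLS and only the hostname is visible to a proxy or DNS log, and it uses parent-domain suffix matching so that a subdomain of a C2 domain is caught while a lookalike such as `bannngwko.shop.lookalike.test` is not.

```python
"""Turning the report's indicators into checks an analyst can run.

Added example; it is not part of the sandbox report or of any vendor's
tooling. The C2 URLs and SHA256 values are copied from the report. The
proxy log lines and the file bytes fed to the hash check are constructed
here for illustration only.
"""
import hashlib
from urllib.parse import urlparse

# Lumma C2 endpoints extracted by the sandbox (copied from the report).
C2_URLS = [
    "https://answerrsdo.shop/api",
    "https://bouncedgowp.shop/api",
    "https://bannngwko.shop/api",
    "https://bargainnykwo.shop/api",
    "https://affecthorsedpo.shop/api",
    "https://radiationnopp.shop/api",
    "https://publicitttyps.shop/api",
    "https://benchillppwo.shop/api",
    "https://reinforcedirectorywd.shop/api",
]

# SHA256 of the files the report scored above 1/10, keyed by target name.
KNOWN_SHA256 = {
    "modest-menu.exe": "9a36d26b871a2de4d30f8c70c27afadf739093eb00bdb54e43d1be0dd311514b",
    "$TEMP/Believe": "d185919875ba821f92e14e46344ae96e343cf41f19d8f46a23589ab78538c8ea",
}


def c2_hosts(urls=C2_URLS):
    """Hostnames from the C2 URLs.

    The /api path is inside TLS, so a proxy or DNS log only ever shows the
    hostname; that is the part worth matching on.
    """
    return {urlparse(u).hostname.lower() for u in urls}


def host_of(url_field):
    """Hostname from a log field that is either a full URL or a bare
    host[:port] as seen on CONNECT lines."""
    if "://" not in url_field:
        url_field = "//" + url_field  # let urlparse treat it as a netloc
    host = urlparse(url_field).hostname
    return host.lower().rstrip(".") if host else None


def host_matches(host, iocs):
    """Exact or parent-domain match. A C2 domain that merely appears as a
    prefix of an unrelated name (a lookalike) must not match."""
    return host in iocs or any(host.endswith("." + d) for d in iocs)


def find_c2_hits(log_lines, iocs=None):
    """Scan constructed proxy log lines of the form
    '<timestamp> <client_ip> <method> <url-or-host:port> <status>'
    and return (line_number, hostname) for each contact with a C2 host."""
    iocs = c2_hosts() if iocs is None else iocs
    hits = []
    for n, line in enumerate(log_lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip it rather than abort the sweep
        host = host_of(fields[3])
        if host and host_matches(host, iocs):
            hits.append((n, host))
    return hits


def hash_bytes(data):
    """MD5/SHA1/SHA256 of a blob, the three digests the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_known(data, known=KNOWN_SHA256):
    """Name from the report whose SHA256 equals that of `data`, else None."""
    digest = hash_bytes(data)["sha256"]
    return next((name for name, sha in known.items() if sha == digest), None)


# Constructed log lines (not real traffic): one direct C2 contact, one
# benign request, one subdomain of a C2 domain, one lookalike domain.
SAMPLE_PROXY_LOG = [
    "2024-07-10T14:02:11Z 10.0.0.23 CONNECT answerrsdo.shop:443 200",
    "2024-07-10T14:02:12Z 10.0.0.23 POST https://www.example.com/api 200",
    "2024-07-10T14:02:15Z 10.0.0.23 CONNECT https://cdn.bouncedgowp.shop:443/ 200",
    "2024-07-10T14:02:20Z 10.0.0.23 GET https://bannngwko.shop.lookalike.test/api 200",
]

if __name__ == "__main__":
    for n, host in find_c2_hits(SAMPLE_PROXY_LOG):
        print(f"line {n}: contact with Lumma C2 host {host}")
    print("constructed blob matches report:", match_known(b"constructed, not the sample"))
```

On the constructed log the sweep flags line 1 (a bare CONNECT to `answerrsdo.shop`) and line 3 (a subdomain of `bouncedgowp.shop`) and leaves the lookalike on line 4 alone. The hash lookup only ever returns a name when the bytes are the report's actual files, so on the constructed blob it returns None; feed it the real dropped files from `$TEMP` to confirm a match.
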
MITRE ATT&CK Enterprise v15

Tasks